Ricardo Paiva · Oct 5, 2016

Authorization (OAuth 2.0) failure due to mismatch server name (SSL Cert)

I am using OAuth2 Cache framework, acting as a client to an authorization server. My setup is based on this excellent previous post [Caché Open Authorization Framework (OAuth 2.0) implementation – part 1].

I'm facing ‘Authorization Server Error: Error Processing Response - No match between server name '' and SSL certificate values…’

It looks like I should set SSLCheckServerIdentity to false but I can’t figure out how. Has anyone had the same issue?

0 4 807 3


Can you post code sample?

Going by the error message, have you tried providing  certificate?

Ricardo, we had direct communication about this issue. AFAIK, the last message from you was that you're all set. Can you please post an answer with description of what steps you took to fix the issue?

Or am I wrong? Thank you.

Dan Kutac

Stepping back a bit:

What endpoint are you using? From Terminal, I see different certificates for and

USER>set old = $io set dev = "|TCP|443" open dev:("":443:/TLS="Demo") use dev w 123,! use dev s cer = $System.Security.Users.SSLGetPeerCertificate() use old w $System.Encryption.X509GetField(cer,"Subject"),!,$System.Encryption.X509GetField(cer,"Extension:subjectAltName"),O=Google Inc,L=Mountain View,ST=California,C=US

USER>close dev set old = $io set dev = "|TCP|443" open dev:("":443:/TLS="Demo") use dev w 123,! use dev s cer = $System.Security.Users.SSLGetPeerCertificate() use old w $System.Encryption.X509GetField(cer,"Subject"),!,$System.Encryption.X509GetField(cer,"Extension:subjectAltName")
CN=*,O=Google Inc,L=Mountain View,ST=California,C=US
DNS:*, DNS:*, DNS:*,,

However, in my browser, if I navigate to, I see the certificate (and a 404 error). This difference in behavior might have something to do with Caché's lack of support for Server Name Indication (SNI).

Regardless, what happens if you change the endpoint to rather than

Thank you all for your inputs. This issue was solved a few weeks ago. Solved it considering instead of